CVE-2025-38377

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the rose rt device down() function related to dangling neighbour pointers. Two bugs exist: modification of the loop bound t->count within a loop, potentially causing premature loop termination and missed entries; and incorrect handling of array indices during entry removal, leading to skipped entries. This can result in a use-after-free condition when accessing freed memory through dangling pointers in the rose neigh structure. The issue occurs when removing an entry from the neighbour array, and subsequent entries are moved to fill the gap, but the loop index is still incremented, causing the next entry to be skipped.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.